Re: Odoo security

by

Martin

- 07/27/2015 08:24:24

Quoting Raphaël Valyi <rvalyi@akretion.com>:
> my personal opinion may not make everybody happy, but I think it's
> counter productive: I think bundling the ERP and an
> ecommerce-website inside the same runtime is a dead end.
I agree.
> Any breach (potentially due to a customization, an ERP needs a lot
> of customizations) can be exploited to hijack all your business
> data... Breaches are even more likely as an ERP as orders of
> magnitude more functional attack surface than an e-commerces or a
> website.
I agree, again.
However, I believe one could solve this problem within the Odoo
ecosystem.
What is needed are two Odoo instances: One with public interface,
e.g. e-commerce/shop, customer ticket system etc. The second
instance would have all data, both public and confidential. And
then one would need a very good two-way synchronisation between
the instances with intelligent filtering.
Cheers